Platform

Box Security: 4 Layers in the Cloud Keep Your Content Safe

We know our users trust us with precious–and sometimes extremely sensitive–information, which is why we're very serious about security at Box. As a Box user, you're probably used to signing into your account with an email address and password whenever you want to access your content, however that's just one system of many we have in place to protect your information.

All your content on Box is private by default, which means your files are only accessible if you decide to share them with others. And if you do decide to share, you can rest easy knowing there are still plenty of safeguards in place to keep you in control of your content at all times. We're big fans of sharing and collaboration (no surprise there), so we want to make it easy for you to share content without worrying about security issues.

Here's a quick look at the 4 levels of security we use at Box:

Data Center

Our enterprise-grade tier 3 data centers are geographically dispersed, constantly audited, and feature round-the-clock video surveillance. We provide a 99.9% uptime guarantee, and pass every data request through an audited verification code, which ensures that the user is authorized for the action requested. Last but certainly not least, Box is also SAS70 Type II and Safe Harbor certified.

Network

Box enterprise and business accounts have 256-bit SSL security, ensuring that all data transferred between our servers and the internet is encrypted. Filenames are encoded on our servers, and we prohibit search engines and bots from indexing users' files. This means that even though you can create a "shared link" to a file and send it to another person, the file will not appear in search engine results.

User

As stated earlier, all files you upload to Box are private by default. Even if you share a file, you're in complete control of who has access, and how much access they have. For example, you can make a file "preview only," meaning that people accessing the file will be able to view it (using our snazzy preview feature) but not download it. We also have a variety of features in place for admins that make it easy to restrict permissions and delete sub users when necessary.

Application

Box employs strong user authentication which means that–in addition to simply requiring a password to log in–every single action on Box is only allowed after the system confirms that a user has the privileges to perform the action. Our system uses password protection at the file level, and admins in enterprise accounts are even able to run full audit trails of a sub user, giving them insight about the usage patterns in their account. Pretty nifty, huh?